I have successfully configured SSL/TLS for Postfix SMTP outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed

Turritopsis Dohrnii Teo En Ming ceo.teo.en.ming at gmail.com
Wed Aug 25 15:02:42 UTC 2021


Subject: I have successfully configured SSL/TLS for Postfix SMTP
outgoing mail server for a customer in Singapore on 25 Aug 2021 Wed

Good day from Singapore,

I have successfully configured SSL/TLS for Postfix SMTP outgoing mail
server for a customer in Singapore on 25 Aug 2021 Wed. It took me 7-8
hours to
solve this problem. I think my boss can probably solve this problem in
10 minutes.

I have prepared this extremely short and concise guide to remind
myself and everyone how to configure SSL/TLS for Postfix SMTP outgoing
Linux mail server.

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 25 August 2021 Wed Singapore Time

Type of Publication: Plain Text

Document version: 20210825.01

===BEGINNING OF GUIDE===

Add the following lines to /etc/postfix/main.cf:

smtpd_tls_cert_file = /etc/postfix/teo-en-ming-corp.crt
smtpd_tls_key_file = /etc/postfix/teo-en-ming-corp.key
smtp_tls_security_level = may
smtpd_tls_security_level = may
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_scache
smtp_tls_session_cache_database = btree:/var/lib/postfix/smtp_scache

Add the following lines to /etc/postfix/master.cf:

submission      inet    n       -       n       -       -       smtpd
smtps           inet    n       -       n       -       -       smtpd

Restart Postfix for changes to take effect.

# service postfix restart

Submission port is 587. SMTPS port is 465. Normal SMTP port is 25.

Add the following firewall rules to /etc/sysconfig/iptables. This is
to open ports for services/daemons listening on TCP ports 25, 465, and
587.

-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT

-A INPUT ! -i lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT
-A OUTPUT ! -o lo -p tcp -m state --state NEW -m tcp --dport 587 -j ACCEPT

Reload firewall rules.

# service iptables restart

Linux troubleshooting commands:

# openssl s_client -connect mail.teo-en-ming-corp.com:25 -servername
mail.teo-en-ming-corp.com -starttls smtp
# openssl s_client -connect mail.teo-en-ming-corp.com:465 -servername
mail.teo-en-ming-corp.com -starttls smtp
# openssl s_client -connect mail.teo-en-ming-corp.com:587 -servername
mail.teo-en-ming-corp.com -starttls smtp

# openssl s_client -connect example.com:[port] -servername example.com

# telnet mail.teo-en-ming-corp.com 25
# telnet mail.teo-en-ming-corp.com 465
# telnet mail.teo-en-ming-corp.com 587

===END OF GUIDE===

You will be able to see STARTTLS in the SMTP banner for Postfix for
TCP ports 25, 465 and 587 if you do a Telnet to your mail server.

If there are corrections and/or additions to this guide, I will post back here.

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 25 August
2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT
Consultant
with a System Integrator (SI)/computer firm in Singapore. He is an IT
enthusiast.






-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link:
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's
Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts
at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan
(5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----


More information about the openssl-users mailing list